1 COPS Guide - Application Cheat Sheet
1.1 CPU
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Info | CPU-Z | CPUID.CPU-Z | ✕ | |
| Stress | CPU-Z | CPUID.CPU-Z | ✕ |
1.2 GPU
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Driver (Update-AMD) | AMD Adrenalin | - | ✕ | |
| Driver (Update-INTEL) | Intel HD Graphics | - | ✕ | |
| Driver (Update-NVIDIA) | Nvidia App | - | ✕ | |
| Driver (Uninstall) | Display Driver Uninstaller (DDU) | Wagnardsoft.DisplayDriverUninstaller | ✕ | Boot into Safe Mode to use |
| Info | GPU-z | TechPowerUp.GPU-Z | ✕ | |
| Stress | Furmark | Geeks3D.FurMark | ✕ |
1.3 STORAGE
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Benchmark | CrystalDiskMark | CrystalDewWorld.CrystalDiskMark | ✕ | |
| Clone | MiniTool Partition Wizard | MiniTool.PartitionWizard.Free | ✕ | Bootable full version on Medicat |
| Info | CrystalDiskInfo | CrystalDewWorld.CrystalDiskInfo | ✕ | |
| Info | Clear Disk Info | - | ✕ |
1.4 SYSTEM
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Temperatures | HWMonitor | CPUID.HWMonitor | ✕ |
1.5 WINDOWS
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Blue Screens (Check STOP-Codes/Errors) | BlueScreenView | NirSoft.BlueScreenView | ✕ | |
| Drivers (Verify) | Verifier | Win+R: verifier | ✕ | Built-in to Windows |
| Drivers (Update) | Snappy Driver Installer Origin (SDIO) | GlennDelahoy.SnappyDriverInstallerOrigin | ✕ | |
| License Keys (Extract) | Product Key Scanner | - | ✓ | Extract license keys for Windows and/or Office |
| License Keys (Extract) | ProduKey | - | ✓ | May find licenses for some older products that Product Key Scanner could miss |
| Software (Uninstall + Remnant Removal) | RevoUninstaller | RevoUninstaller.RevoUninstaller | ✕ | |
| Remote Access | TeamViewer | winget install TeamViewer.TeamViewer | ✕ | May run into connection limit on free version |
| Remote Access | UltraViewer | winget install DucFabulous.UltraViewer | ✕ | Alternative to TeamViewer |
| User Profile (Backup/Migrate) | Transwiz | - | ✕ |
2 Data Transfer (Windows)
2.1 Backup
- Restart Windows
> Force Restart Windows now to provide a clean environment for proceeding
>shutdown -r -f -t 00 - [OPTIONAL] Create a new System Restore point
- Disable Antivirus
> Some of our extraction tools prompt false positives in the majority of security software - Create a Job folder on a Transfer Drive
naming convention:
Job#5000> Create a new folder with the current job number to save User Data to - Backup User Profiles
> CopyC:\Users\folder to the Job folder on the Transfer Drive - Backup Web Browsers
For each web browser installed complete the following:- Export Bookmarks
naming convention:
Web Browser - Google Chrome - Bookmarks - 2024-07-15.html
or
web-browser_google-chrome_bookmarks_2024-07-15.html> Google Chrome URL:chrome://bookmarks
> Microsoft Edge URL:edge://favorites
> AVG Secure Browser URL:secure://bookmarks
> Mozilla Firefox Hotkey:Ctrl+Shift+O
> Microsoft Internet Explorer:%USERPROFILE%\Favorites - Export Passwords
naming convention:
Web Browser - Google Chrome - Passwords - 2024-07-15.csv
or
web-browser_google-chrome_passwords-2024-07-15.csv> Google Chrome URL:chrome://password-managerorchrome://settings/passwords(older Chrome versions)
> Microsoft Edge URL:edge://wallet/passwordsoredge://settings/passwords(older Edge versions)
> AVG Secure Browser URL:secure://password-managerorsecure://settings/passwords(older Secure Browser versions)
> Mozilla Firefox URL:about:logins
> Microsoft Internet Explorer: use Nirsoft IE PassView - Sync Accounts
Try to sync each browser with their relevant accounts if available
Manual exports of Bookmarks + Passwords is good, but syncing the entire browser is better- Google Chrome:
Google Account>chrome://sync-internals
> Check Enabled:Sync Feature Enabled= true
> Check Account:Username
> Checked Synced:Last Synced= Just now
> Check Not Actively Syncing:Sync Cycle Ongoing= false
> Force Sync (if required):chrome://extensions> enableDeveloper mode> clickUpdate
- Microsoft Edge:
Microsoft Account> TODO (but it’s similar to Chrome)
- AVG Secure Browser:
AVG Account> TODO (but it’s similar to Chrome)
- Mozilla Firefox:_
Mozilla Account> TODO
- Google Chrome:
- Export Bookmarks
- Export Installed Programs List
naming convention:
Installed Programs - Nirsoft Uninstallview - 2024-07-15.html
or
installed-programs_nirsoft-uninstallview_2024-07-15.html> use Nirsoft UninstallView, save all as Horizontal HTML - Export Winget
naming convention:
Winget - Export - 2024-07-15.json
or
winget_export_2024-07-15.json> OpenPowershellorCommand Promptas an Administrator
> Check Winget is installedwinget -v(this will throw an error if winget is unavailable)
> Update Wingetwinget source update> Export Winget’s list of installed programswinget export -o "REPLACE-WITH-TARGET-FILE"
(update REPLACE-WITH-TARGET-FILE with the target winget export file on the transfer drive)
> Optionally export a list of all programs that Winget does cannot re-install at the same time with this extended commandwinget export -o "REPLACE-WITH-TARGET-FILE" >> "winget_unnavailable.txt" - Export License Keys
naming convention:
License Keys - Nirsoft Product Key Scanner - 2024-07-15.html
or
license-keys_nirsoft-product-key-scanner_2024-07-15.html> use Nirsoft Product Key Scanner or Nirsoft ProduKey, save all as Horizontal HTML - Export Emails
- Extract Passwords and Server Settings
- Nirsoft Mail PassView
- Nirsoft WinMailPassRec
- Nirsoft PstPassword
- Backup any accounts set up as POP > How to export emails to file in Outlook
- Extract Passwords and Server Settings
- Check C: Drive for unusual files/folders > copy to Job folder copying the C: Drive file structure (TransferDrive:\Job#5000\C\FolderToSave)
- [OPTIONAL] Create Winget Install Script > https://winstall.app/ - Select Desired Programs - Generate Script - Download both Batch (.bat) and PowerShell (.ps1) scripts
- Export Drivers
TRANSFERDRIVE:\\Job#5000\Drivers - 2024-07-15\
or
TRANSFERDRIVER:\\Job#5000\drivers_2024-07-15\> OpenPowerShellas an Administrator and run the following script:
Export-WindowsDriver -Online -Destination "REPLACE-WITH-TARGET-FOLDER"
(update REPLACE-WITH-TARGET-FOLDER with the target drivers folder on the transfer drive) - Enable Antivirus
2.2 Prepare New Device (if required)
- Create a Local Account during Windows 10/11 Out of Box Experience (OOBE)
- Option 1: No Internet Connected
Bypass Network Registration > Open Command Prompt:Shift+F10(may require pressingFnon some devices)
> Run command:OOBE\BYPASSNRO(this will restart the OOBE if successful)
> Proceed through OOBE like normal until you get to the Network Selection screen
> SelectI don't have an internet connection(if this button is not available the bypass didn’t work, proceed to Option 2)
> SelectContinue with limited setup
> Create a Local Account:COPS(no password)
> Complete the OOBE as normal - Option 2: Internet Connected
Force Local Account Creation > Proceed though OOBE like normal until you get to the Login with a Microsoft Account screen
> Open Command Prompt:Shift+F10(may require pressingFnon some devices)
> Run command:start ms-cxh:localonly> Create a Local Account:COPS(no password)
> Complete the OOBE as normal - Note regarding Windows 10/11 S Mode
In some cases you won’t be able to open the Command Prompt, you may only see it’s black box flash up on the screen and quickly dissapear. This is could be a indication of the Windows 10/11 install being in S Mode (Store Mode), which disables access to terminals (i.e. Command Prompt) and execution of non Microsoft Store apps.
If you encounter this, you will not be able create a Local Account during the OOBE, and you will need to complete the OOBE with the customer’s Microsoft Account. After the OOBE is complete and you’ve reached the Windows Desktop environment, you may need to Switch Out of S Mode to proceed with the Data Transfer, as S Mode restricts us from running our tools if required.- [OPTIONAL] Switch Out of S Mode
[WARNING] SWITCHING OUT OF S MODE IS A PERMANANT CHANGE AND CANNOT BE REVERTED > Connect to the internet
> Runms-windows-store://pdp/?productid=BF712690PMLF&OCID=windowssmodesupportpage
> Follow the prompts to Switch Out of S Mode
(this will change the Windows edition installed to Windows 10/11 Home or Pro as per it’s installed license)
- [OPTIONAL] Switch Out of S Mode
- Option 1: No Internet Connected
- Configure System Restore
- Check installed Windows’ Edition
> Runwinver - Create a new System Restore point
COPS - Fresh Windows 10/11 Home/Pro Install(use 10 or 11 and Home or Pro as perwinver) - Connect to the Internet (if not already)
- Check Windows is activated
TODO:ms-settings:activationorms-settings:activation?activationSource=SMC-Article-12440 - Configure Time/Date
- Configure Windows Update
> Enable
TODO: Update other Microsoft products
> DisableTODO: get me up to date
> EnableTODO: Notify me when updates are ready
> EnableTODO: Optimize, download from LAN - Update Apps
viaMicrosoft Store
viaWinget - Update Windows
- Update Office apps
> Run
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user forceappshutdown=true - Check Drivers
Bangs(!) exclamation marks in Device Manager indicates missing, incorrect, or corrupt drivers > OpenDevice Managerto check for Bangs(!)
> RunSnappy Driver Installer Origin (SDIO)as an Administrator
> SelectTODO: Create a new system restore point
> Select all missing/incorrect/corrupt drivers (as per bangs! in Device Manager) > ClickInstall - [OPTIONAL] Update Outdated Drivers
- Verify Drivers
- Turn On Windows Verifier:
- Run
verifier - Select
Create standard settings - Click
Next - Select
Automatically select all drivers on this computer - Click
Finish - Restart Windows
shutdown -r -f -t 00> Windows Verifier works by stressing out drivers as they’re loaded (it is expected that the computer’s performance will be impacted while verifier is enabled)
> If Windows loads into the desktop OK and does not crash with Verifier enabled, then all is good and you can proceed to turn it off
> If Verifier induces a crash, Windows should produce a Blue Screen of Death (BSOD) with a STOP Code error and information on the driver that crashed, you can use this information to identify the faulty driver that caused the crash and replace it
- Run
- Turn Off Windows Verifier:
- Run
verifier - Select
Delete existing settings - Click
Finish - Restart Windows
shutdown -r -f -t 00
- Run
- Turn On Windows Verifier:
2.3 Restore
Install Programs > you can use the winget install script for this if you made one > install programs before restoring the user profile, as otherwise some required registry entries may not exist yet
Restore User Profiles > make Administrator, make default user, set no password and set password does NOT expire
Copy over any C: Drive files/folders that were backed up
Restart Windows (this should log in to the restored user profile) > open a command prompt window (or similar) as Administrator to ensure account has admin priviledges
Install Printer Drivers > If you can not install the printer drivers + software without the printer present, save the printer package installer to
C:\COPS\and create a shortcut to it on the customer’s desktopCheck Web Browsers and restore Bookmarks and Passwords from backups as required
Activate software using extracted keys or accounts as required
Configure email accounts as required
Install additional drivers as required
Move any USB Dongles from the old device (Wireless mice, wifi, blue adapters, etc…)
Update Apps
viaMicrosoft Store
viaWingetUpdate Windows
Update Office apps (if installed)
Restart Windows
Remove ‘COPS’ user account
- Run:
netplwiz- SelectCOPS- ClickRemove - Delete
C:\Users\COPS\folder
(Windows may prevent you from removing this folder if it’s currently accessing it in the background, if this happens just restart Windows and try to remove it again) - Empty Recycle Bin
- Run:
System Maintenance
OpenPowershellorCommand Promptas an Administrator and run the follow commands:winget source reset --force winget source update winget upgrade --all --silent sfc /scannow dism /online /cleanup-image /startcomponentcleanup /resetbase dism /online /cleanup-image /restorehealth sfc /scannow defrag /c /o chkdsk c: /r /scan /perf
Restart Windows
Create a new System Restore point
COPS - Completed Data Transfer